All of my virtual machines running Windows Server 2012 R2 have a security health issue related to the Sophos System Protection Service not running. The windows administrative tool Services reports the status of the service as Starting and not Running. The service can't be stopped or started since the options are greyed out. A restart of the server didn't resolve the issue.
Hi Craig,
Thanks for reaching out to the Sophos Community Forum.
If you're unable to interact with the services, this may be due to Tamper Protection being enabled.
Try sharing some of the recent log lines from the following log file.
- C:\ProgramData\Sophos\Endpoint Defense\Logs\SSP.log
You may also want to check for any errors in windows event viewer as well.
Hi Craig,
Thanks for reaching out to the Sophos Community Forum.
If you're unable to interact with the services, this may be due to Tamper Protection being enabled.
Try sharing some of the recent log lines from the following log file.
- C:\ProgramData\Sophos\Endpoint Defense\Logs\SSP.log
You may also want to check for any errors in windows event viewer as well.
Thanks for adding to the discussion.
In a neighboring thread a community member was able to correct this issue by disabling the "Data Loss Prevention" policy from Sophos Central on all devices, followed by a reboot.
Please let me know if this works for you.
Update:
A KBA has been published related to this issue. Our development team has identified the root cause and is working on a fix. Please use the temporary workaround in the meantime.
- Advisory: Sophos System Protection Service may hang in a 'Starting' state after the system was rebooted
